(www.kroah.com)

103 points voxadam | 1 comments | 09 Dec 25 22:47 UTC | HN request time: 0.201s | source

Show context

loph[dead post] ◴[09 Dec 25 23:13 UTC] No.46212018[source]▶

[flagged]

landr0id ◴[09 Dec 25 23:20 UTC] No.46212080[source]▶

>>46212018 #

I'm surprised Firefox didn't warn me when I went to the page. Hostile teleco/MITM waiting for HTTP traffic are a real-world way that nation states deliver exploits.

replies(3): >>46212510 #>>46213091 #>>46213103 #

vpShane ◴[10 Dec 25 00:18 UTC] No.46212510[source]▶

>>46212080 #

It did for Librewolf -- what I moved to from Firefox. Self-Signed certs I'm down with, http I'm not, and never will be for any reason. Plain-text data transmissions have no acceptable reasoning.

replies(2): >>46212607 #>>46213243 #

schmuckonwheels ◴[10 Dec 25 00:33 UTC] No.46212607[source]▶

>>46212510 #

You do realize self-signed certs are useless, could have been tampered with, and could have just as easily been created by a malicious actor?

There's a reason most default self signed certs are called "snake oil".

replies(2): >>46213117 #>>46220789 #

1. vpShane ◴[10 Dec 25 17:42 UTC] No.46220789[source]▶

>>46212607 #

They're not useless. And I'm well aware of how MITM attacks work. Any hops along the path from my VPN endpoint to the server unencrypted can be, and are: viewed with plaintext. With a self signed certificate I can choose to accept the certificate or not. I'm not arguing to use them, I'm saying I've moved on from http, which is reasonable for me to do in today's 'get all of their data' age.

↑

Linux CVEs, more than you ever wanted to know